Published: 29/01/2012 Updated: 29/08/2017

CVSS v2 Base Score: 2.6 | Impact Score: 2.9 | Exploitability Score: 4.9

VMScore: 265

Vector: AV:N/AC:H/Au:N/C:N/I:P/A:N

Multiple cross-site scripting (XSS) vulnerabilities in Acidcat CMS 3.5.1, 3.5.2, 3.5.6, and possibly earlier allow remote malicious users to inject arbitrary web script or HTML via the PATH_INFO to (1) admin_colors.asp, (2) admin_config.asp, and (3) admin_cat_add.asp in admin/.

Vulnerable Product	Search on Vulmon	Subscribe to Product
acidcat acidcat cms 3.5.1
acidcat acidcat cms 3.5.2
acidcat acidcat cms 3.5.6

source: wwwsecurityfocuscom/bid/51608/info Acidcat ASP CMS is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input before using it in dynamically generated content An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in t ...

CWE-79 http://packetstormsecurity.org/files/108869/acidcat-xss.txt http://secunia.com/advisories/47705 http://www.securityfocus.com/bid/51608 http://osvdb.org/78458 https://exchange.xforce.ibmcloud.com/vulnerabilities/72624 https://nvd.nist.gov https://www.exploit-db.com/exploits/36588/

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2012-0933

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect